Generate Signature
Use case
There are two use kind of signature to be generated, one is to obtain access token, and another is for transaction. Signature for B2B Access Token is encrypted in an asymmetrically way, while for transaction signature is encrypted in a symmetrically way.
Generate Signature To Obtain Access Token (B2B)
You can find the required structure of the string to be encrypted as below:
<X-CLIENT-KEY> | <X-TIMESTAMP>
(on ISO8601 format)
which then signed using SHA256withRSA
with Private/Public Key pair merchant has generated.
Example:
merchant_client_key|2024-05-13T14:53:06.991+07:00
Final Result: X-Signature: aw3o6HM68vJDLO4nxAPgK0it5nd6zik3bUgMzqLiTrIB7w1QbnCLDo/IMVjaYsbPk9s=
Generate Signature For Transaction API
You can find the required structure of the string to be encrypted as below:
<HTTP METHOD> + ":" + <RELATIVE PATH URL> + ":" + <B2B ACCESS TOKEN> +
":" + LowerCase(HexEncode(SHA-256(Minify(<HTTP BODY>)))) + ":" + <X-TIMESTAMP>
which then encrypted using HMAC-SHA512
with merchant's Secret Key that Durianpay give.
Example: POST:/v1.0/balance-inquiry:eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJEdXJpYW4gTW9uZXkiLC
:f806c49e8cd175aa9dd5dd8e0a49648c885954d:2024-05-13T15:07:07+07:00
Final Result: X-Signature: tnNHFw5ZCWjnHFd9UGAB5iDLuwo+89efml8F1CP8vaqut/PfNWac/XLiCkLt3zGHTppZKPxz/PPptqM2alsOFA==